spam? dns attack?

#1 Wed, 05/26/2010 - 20:28
christophera

spam? dns attack?

My sendmail program shut down a little while ago, no mail being accepted.

I looked up the mail logs and get lots of:

=========================

May 26 17:14:37 jessica postfix/smtpd[16026]: lost connection after CONNECT from dynamic-adsl-78-14-7-173.clienti.tiscali.it[78.14.7.173]
May 26 17:14:37 jessica postfix/smtpd[16044]: lost connection after CONNECT from unknown[95.73.35.183]
May 26 17:16:29 jessica postfix/smtpd[16063]: disconnect from unknown[95.65.153.160]
May 26 17:16:29 jessica postfix/smtpd[15112]: disconnect from unknown[178.124.116.61]
May 26 17:16:29 jessica postfix/smtpd[15470]: disconnect from unknown[89.121.233.73]
May 26 17:14:37 jessica postfix/smtpd[16312]: lost connection after CONNECT from dynamic-adsl-78-14-7-173.clienti.tiscali.it[78.14.7.173]
May 26 17:17:38 jessica postfix/smtpd[16312]: disconnect from dynamic-adsl-78-14-7-173.clienti.tiscali.it[78.14.7.173]
May 26 17:16:29 jessica postfix/smtpd[15113]: disconnect from unknown[178.124.116.61]
May 26 17:14:37 jessica postfix/smtpd[15574]: lost connection after CONNECT from unknown[109.188.251.107]
May 26 17:16:29 jessica postfix/smtpd[15485]: connect from localhost[127.0.0.1]
May 26 17:16:29 jessica postfix/smtpd[15115]: disconnect from unknown[178.124.116.61]
May 26 17:17:38 jessica postfix/smtpd[15485]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:14:37 jessica postfix/smtpd[15521]: lost connection after CONNECT from unknown[188.56.248.138]
May 26 17:14:37 jessica postfix/smtpd[15538]: lost connection after CONNECT from unknown[87.109.237.52]
May 26 17:16:29 jessica postfix/smtpd[15545]: disconnect from gays233.steakonion.info[216.155.44.233]
May 26 17:16:29 jessica postfix/smtpd[15116]: connect from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[15116]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[15116]: disconnect from localhost[127.0.0.1]
May 26 17:16:29 jessica postfix/smtpd[15559]: disconnect from unknown[92.84.8.240]
May 26 17:17:38 jessica postfix/smtpd[15116]: connect from localhost[127.0.0.1]
May 26 17:16:29 jessica postfix/smtpd[15126]: disconnect from unknown[178.124.116.61]
May 26 17:14:37 jessica postfix/smtpd[15441]: lost connection after CONNECT from unknown[178.124.116.61]

a little later on in the log:

May 26 17:18:11 jessica postfix/smtpd[12510]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:18:11 jessica postfix/smtpd[12510]: disconnect from localhost[127.0.0.1]
May 26 17:17:27 jessica postfix/smtpd[10278]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[15481]: disconnect from cpc2-cwma4-0-0-cust138.swan.cable.ntl.com[81.110.108.139]
May 26 17:18:11 jessica postfix/smtpd[10278]: disconnect from localhost[127.0.0.1]
May 26 17:16:29 jessica postfix/smtpd[13724]: disconnect from villa.m4internet.com[216.13.249.130]
May 26 17:17:38 jessica postfix/smtpd[16026]: disconnect from dynamic-adsl-78-14-7-173.clienti.tiscali.it[78.14.7.173]
May 26 17:17:38 jessica postfix/smtpd[15106]: connect from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[16044]: disconnect from unknown[95.73.35.183]
May 26 17:16:29 jessica postfix/smtpd[15108]: disconnect from unknown[178.124.116.61]
May 26 17:17:38 jessica postfix/smtpd[16063]: connect from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[15574]: disconnect from unknown[109.188.251.107]
May 26 17:17:38 jessica postfix/smtpd[15485]: disconnect from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[15521]: disconnect from unknown[188.56.248.138]
May 26 17:17:38 jessica postfix/smtpd[15538]: disconnect from unknown[87.109.237.52]
May 26 17:17:38 jessica postfix/smtpd[15545]: connect from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/smtpd[15440]: disconnect from unknown[178.124.116.61]
May 26 17:17:38 jessica postfix/smtpd[16013]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:18:11 jessica postfix/smtpd[16013]: disconnect from localhost[127.0.0.1]
May 26 17:17:38 jessica postfix/qmgr[2892]: 5E2EB3423A3: removed
May 26 17:18:11 jessica postfix/qmgr[2892]: 798133423A7: removed
May 26 17:18:11 jessica postfix/qmgr[2892]: 71AB83423A5: removed
May 26 17:18:11 jessica postfix/qmgr[2892]: 720CF3423A8: removed
May 26 17:17:38 jessica postfix/smtpd[15404]: disconnect from 94.179.224.36.pool.3g.utel.ua[94.179.224.36]
May 26 17:18:11 jessica postfix/qmgr[2892]: C677C34237E: from=ioinoqij4548@bellsouth.net, size=6992, nrcpt=1 (queue active)
May 26 17:17:38 jessica postfix/smtpd[15116]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:18:11 jessica postfix/smtpd[15116]: disconnect from localhost[127.0.0.1]

later...

May 26 17:22:30 jessica postfix/smtpd[16128]: disconnect from 62.42.105.249.dyn.user.ono.com[62.42.105.249]
May 26 17:22:30 jessica postfix/smtpd[16100]: disconnect from a219-86.adsl.paltel.net[213.6.219.86]
May 26 17:22:30 jessica postfix/smtpd[12516]: disconnect from CPE-72-131-105-38.wi.res.rr.com[72.131.105.38]
May 26 17:22:30 jessica postfix/smtpd[14540]: disconnect from unknown[190.228.123.59]
May 26 17:22:30 jessica postfix/smtpd[15444]: disconnect from unknown[41.215.213.64]
May 26 17:22:30 jessica postfix/smtpd[12510]: disconnect from unknown[190.178.169.47]
May 26 17:22:30 jessica postfix/smtpd[15118]: disconnect from localhost[127.0.0.1]
May 26 17:22:30 jessica postfix/smtpd[15126]: disconnect from localhost[127.0.0.1]
May 26 17:22:30 jessica postfix/smtpd[15115]: disconnect from unknown[178.137.15.96]
May 26 17:22:30 jessica postfix/smtpd[15441]: disconnect from 83-71-8-187-dynamic.b-ras1.dbn.dublin.eircom.net[83.71.8.187]
May 26 17:22:30 jessica postfix/smtpd[15333]: disconnect from unknown[92.60.27.169]
May 26 17:22:30 jessica postfix/smtpd[15213]: disconnect from unknown[190.228.123.59]
May 26 17:22:30 jessica postfix/smtpd[15405]: disconnect from unknown[218.111.34.193]
May 26 17:22:30 jessica postfix/smtpd[17930]: disconnect from unknown[77.242.20.182]
May 26 17:22:30 jessica postfix/smtpd[15396]: lost connection after CONNECT from unknown[119.195.140.60]
May 26 17:22:30 jessica postfix/smtpd[15422]: disconnect from unknown[72.243.245.50]
May 26 17:22:30 jessica postfix/smtpd[15540]: disconnect from unknown[72.243.245.50]
May 26 17:22:30 jessica postfix/smtpd[16099]: disconnect from unknown[72.243.245.50]
May 26 17:22:30 jessica postfix/smtpd[15113]: warning: timeout on /var/spool/postfix/postgrey/socket while reading input attribute name
May 26 17:22:32 jessica postfix/smtpd[15119]: warning: 95.139.137.59: hostname node-95-139-137-59.domolink.tula.net verification failed: Name or service not known
May 26 17:22:44 jessica postgrey[2827]: WARNING: closeing with write buffer at /usr/lib/perl5/vendor_perl/5.8.8/IO/Multiplex.pm line 913.
May 26 17:22:46 jessica postfix/smtpd[15123]: connect from unknown[85.30.237.235]

and later (I assume this is because the system is getting overwhelmed)

May 26 20:31:22 jessica postfix/smtpd[19082]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[19082]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[19234]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[19234]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[19377]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[19377]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[19559]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[19559]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[19147]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[19147]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[15396]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[15396]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[18719]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 jessica postfix/smtpd[18719]: warning: problem talking to server private/anvil: Connection timed out
May 26 20:31:22 jessica postfix/smtpd[19687]: warning: timeout on private/anvil while reading input attribute name

====================

Currently it does not seem to be accepting mail at all. Probably a good thing, as I would like to fix this before rebooting/starting anything.

Is this what a DNS attack looks like? Or just a lot of spam? Or... ?

I am using Virtualmin GPL 3.78. I have Postgrey, SpamAssassin, and APF firewall.

What can I do about this?

Is there a master switch within virtualmin that would allow me to double check that relaying is turned off for all domains?

Thank you all for any help or thoughts on this!

Chris
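
For triaging excerpts like the ones in this post, here is an added example (not part of the original post). It tallies which clients drop straight after connecting, separately from smtpd timeouts on local helper sockets such as the postgrey policy socket and `private/anvil`. The function name `triage`, the hostname `mx` and the documentation-range addresses in the sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log excerpts above.
SAMPLE = """\
May 26 17:14:37 mx postfix/smtpd[16026]: lost connection after CONNECT from unknown[192.0.2.10]
May 26 17:14:37 mx postfix/smtpd[16044]: lost connection after CONNECT from host.example.net[198.51.100.7]
May 26 17:16:29 mx postfix/smtpd[15485]: connect from localhost[127.0.0.1]
May 26 17:17:38 mx postfix/smtpd[15485]: lost connection after CONNECT from localhost[127.0.0.1]
May 26 17:17:38 mx postfix/smtpd[15485]: disconnect from localhost[127.0.0.1]
May 26 17:22:30 mx postfix/smtpd[15113]: warning: timeout on /var/spool/postfix/postgrey/socket while reading input attribute name
May 26 17:22:46 mx postfix/smtpd[15123]: connect from unknown[192.0.2.10]
May 26 20:31:22 mx postfix/smtpd[19082]: warning: timeout on private/anvil while reading input attribute name
May 26 20:31:22 mx postfix/smtpd[19082]: warning: problem talking to server private/anvil: Connection timed out
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"^(connect from|lost connection after (\w+) from|disconnect from) (\S+)\[([^\]]+)\]$")
TIMEOUT = re.compile(r"^warning: timeout on (\S+) while reading")

def triage(log_text):
    """Summarise smtpd activity: per-client events and stalled local services."""
    connects, dropped, stalled = Counter(), Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # qmgr, postgrey and other daemons are not counted here
        msg = m.group(3)
        c = CLIENT.match(msg)
        if c:
            ip = c.group(4)
            if c.group(1) == "connect from":
                connects[ip] += 1
            elif c.group(2) == "CONNECT":
                # Client went away before sending any SMTP command.
                dropped[ip] += 1
            continue
        t = TIMEOUT.match(msg)
        if t:
            # smtpd got no answer from a helper socket (anvil, policy service).
            stalled[t.group(1)] += 1
    remote = {ip: n for ip, n in dropped.items() if ip != "127.0.0.1"}
    return {"connects": dict(connects), "dropped_remote": remote,
            "dropped_local": dropped.get("127.0.0.1", 0),
            "stalled_services": dict(stalled)}
```

Many distinct addresses in `dropped_remote` with a count of one or two each, next to a growing `stalled_services` tally, matches the pattern in the excerpts: short-lived connections from many sources while smtpd waits on its own helper services.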